United States Ex Rel. Sheldon v. Kettering Health Network , 2016 FED App. 0059P ( 2016 )


Menu:
  •                           RECOMMENDED FOR FULL-TEXT PUBLICATION
    Pursuant to Sixth Circuit I.O.P. 32.1(b)
    File Name: 16a0059p.06
    UNITED STATES COURT OF APPEALS
    FOR THE SIXTH CIRCUIT
    _________________
    UNITED STATES      OF   AMERICA ex rel. VICKI          ┐
    SHELDON,                                               │
    Relator-Appellant,    │
    │
    │
    v.                                               >      No. 15-3075
    │
    │
    KETTERING HEALTH NETWORK,                              │
    Defendant-Appellee.     │
    ┘
    Appeal from the United States District Court
    for the Southern District of Ohio at Cincinnati.
    No. 1:14-cv-00345—Timothy S. Black, District Judge.
    Argued: October 8, 2015
    Decided and Filed: March 7, 2016
    Before: KEITH, CLAY, and WHITE, Circuit Judges.
    _________________
    COUNSEL
    ARGUED: Robert F. Croskery, CROSKERY LAW OFFICES, Cincinnati, Ohio, for Appellant.
    Natalie T. Furniss, BRICKER & ECKLER, LLP, Columbus, Ohio, for Appellee. ON BRIEF:
    Robert F. Croskery, CROSKERY LAW OFFICES, Cincinnati, Ohio, for Appellant. Natalie T.
    Furniss, Anne Marie Sferra, BRICKER & ECKLER, LLP, Columbus, Ohio, for Appellee.
    _________________
    OPINION
    _________________
    CLAY, Circuit Judge. Plaintiff Vicki Sheldon (“Relator,” in this qui tam action) appeals
    from the district court’s order, entered on January 6, 2015, denying her motion for leave to
    amend her complaint and granting Defendant Kettering Health Network’s (“KHN”) motion to
    1
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network              Page 2
    dismiss.   Relator alleges that KHN violated the False Claims Act (“FCA”), 31 U.S.C.
    § 3729(a)(1), by falsely attesting to compliance with the Health Information Technology for
    Economic and Clinical Health Act (hereinafter “HITECH Act” or “the Act”), Pub. L. No. 111-5,
    Title XIII, 123 Stat. 226 (2009), and by receiving “meaningful use” incentive payments as a
    result. The district court held that Relator’s complaint failed to state a plausible claim, and
    denied as futile Relator’s motion to amend. The district court held, in the alternative, that
    Relator’s claims were precluded by a prior Ohio state court judgment in a case involving similar
    claims filed by Relator against KHN.
    For the reasons set forth below, we AFFIRM the district court’s order granting KHN’s
    motion to dismiss and denying Relator’s motion to amend.
    BACKGROUND
    On April 29, 2014, Relator brought a qui tam action under the False Claims Act,
    31 U.S.C. § 3730(b), against KHN in federal court, alleging KHN falsely certified its compliance
    with certain provisions of the HITECH Act.
    I.     The HITECH Act
    Enacted in 2009, the HITECH Act was designed to encourage the adoption of
    sophisticated electronic health record (“EHR”) technology by health care providers. See, e.g.,
    Vadim Schick, After HITECH: HIPAA Revisions Mandate Stronger Privacy and Security
    Safeguards, 37 J.C. & U.L. 403, 404 (2011). To that end, the Act creates incentive payments for
    eligible health care providers (“providers”)—i.e. individual hospitals and health care
    professionals—that demonstrate “meaningful use” of certified EHR technology.         42 C.F.R.
    § 495.2; see also 42 U.S.C. §§ 1395w-4(o), 1395ww(n) (establishing diminishing schedule for
    incentive payments to encourage early adoption by eligible professionals and hospitals).
    Incentive payments are calculated using a formula that takes account of each individual
    provider’s volume of patients. See, e.g., 42 C.F.R. §§ 495.102(a)(1) (eligible professionals),
    495.104(c)(2) (hospitals).
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 3
    As a condition to receipt of incentive payments, the Act requires providers to meet
    roughly two-dozen meaningful-use objectives and accompanying measures of compliance.
    42 C.F.R. § 495.20; 42 U.S.C. §§ 1395w-4(o), 1395ww(n). Objectives and measures were
    released in two stages; Stage 2, which went into effect on September 4, 2012, added additional
    objectives and measures to the requirements for compliance with the Act. See Electronic Health
    Record Incentive Program—Stage 2, 77 Fed. Reg. 53,968 (Sept. 4, 2012); 42 C.F.R.
    §§ 495.20(h)–(m). After Congress passed the Act, the Centers for Medicare and Medicaid
    Services (“CMS”), an agency of the Department of Health and Human Services, promulgated
    specific standards for meeting these objectives. See, e.g., Medicare and Medicaid Programs;
    Electronic Health Record Incentive Program, 75 Fed. Reg. 44314-01 (July 28, 2010).
    The meaningful-use objective relevant here (hereinafter “the objective” or “security and
    privacy objective”) requires providers to “[p]rotect electronic health information created or
    maintained by the certified EHR technology through the implementation of appropriate technical
    capabilities.” 42 C.F.R. §§ 495.20(d)(15)(i), (f)(14)(i), (j)(16)(i), (l)(15)(i) (establishing the
    same security and privacy objective for different types of providers over different Stages of Act
    implementation). To meet the objective during Stage 1 of Act implementation, providers were
    required to “[c]onduct or review a security risk analysis in accordance with the requirements
    under 45 C.F.R. § 164.308(a)(1) and implement security updates as necessary and correct
    identified security deficiencies as part of [their] risk management process.”                
    Id. at §§
    495.20(d)(15)(ii), (f)(14)(ii). During Stage 2, providers are additionally required to “address[]
    the encryption/security of data stored in Certified EHR Technology in accordance with
    requirements under” 45 C.F.R. §§ 164.312(a)(2)(iv) and 164.306(d)(3).                   42 C.F.R.
    §§ 495.6(j)(16)(ii), (l)(15)(ii). To receive incentive payments, individual providers must legally
    attest to meeting these standards.     See 
    id. at §
    495.8.    Attestation is required at intervals
    dependent upon the type of provider, the “EHR Incentive Program” chosen (Medicare or
    Medicaid), and the reporting year. See 
    id. at §
    495.4.
    Both Stage 1 and Stage 2 measures for the security and privacy objective require
    providers to comply with 45 C.F.R. § 164.308(a)(1), which contains security and privacy
    standards established under the Health Insurance Portability and Accountability Act of 1996
    No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                 Page 4
    (“HIPAA”).       Subsection (a)(1) requires health care providers to “[i]mplement policies and
    procedures to prevent, detect, contain, and correct security violations.”          Specifically, the
    subsection requires providers to:
    (A) . . . Conduct an accurate and thorough assessment of the potential risks and
    vulnerabilities to the confidentiality, integrity, and availability of electronic
    protected health information held by the covered entity or business associate.
    (B) . . . Implement security measures sufficient to reduce risks and vulnerabilities
    to a reasonable and appropriate level to comply with § 164.306(a).
    (C) . . . Apply appropriate sanctions against workforce members who fail to
    comply with the security policies and procedures of the covered entity or business
    associate.
    (D) . . . Implement procedures to regularly review records of information system
    activity, such as audit logs, access reports, and security incident tracking reports.
    
    Id. at (a)(1)(ii).
    Stage 2 measures for the objective require providers to comply with two additional
    HIPAA regulations—45 C.F.R. §§ 164.312(a)(2)(iv) and 164.306(d)(3)—that also contain
    security standards.       42 C.F.R. §§ 495.6(j)(16)(ii), (l)(15)(ii).         The first standard,
    § 164.312(a)(2)(iv), requires providers to “[i]mplement a mechanism to encrypt and decrypt
    electronic protected health information.”       The second standard, § 164.306(d)(3), requires
    providers to implement such a mechanism if “reasonable and appropriate,” and if not, to
    document why and implement “an equivalent alternative measure.”
    II.     Relator’s first amended complaint
    According to Relator’s first amended complaint, Defendant KHN is a network of
    hospitals, medical facilities, and physicians that provide medical services. “[D]uring the past
    several years,” the complaint asserts, KHN certified to the United States that it implemented a
    system of protecting electronic protected health information (“e-PHI”) in accordance with
    HITECH Act requirements, and it received meaningful-use payments as a result. (R. 4 at ¶ 5.)
    KHN would submit this certification to the government by “checking ‘Yes’ to the question ‘Did
    you conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement security
    No 15-3075                  U.S. ex rel. Sheldon v. Kettering Health Network                            Page 5
    updates as necessary and correct identified security deficiencies as part of its [sic] risk
    management processes.’” (Id. at ¶ 25.)1
    Relator alleges, however, that KHN’s attestations of compliance under the Act were
    false. This allegation stems from two letters she received from KHN informing her that its
    employees had impermissibly accessed her e-PHI.                      These letters, which were attached to
    Relator’s original complaint, state that based on its own internal investigation, KHN discovered
    Relator’s e-PHI had been accessed on several occasions by Relator’s (now former) husband,
    Duane Sheldon, and others.2 Relator’s complaint asserts that while Duane Sheldon was serving
    as a director for KHN, he began an affair with a subordinate employee, and together they
    accessed Relator’s e-PHI in furtherance of that affair. The letters Relator received from KHN
    also state that (1) “these instances of access are inappropriate/unauthorized and in violation of
    [KHN] policy and procedure, as well as law,” (2) KHN was investigating these instances of
    access “as a breach under the [HITECH Act],” and (3) KHN would be notifying the United
    States Department of Health and Human Services of the breaches. (R. 1-1, Pg ID # 10–13.)
    After Relator learned her e-PHI had been impermissibly accessed, she requested (through
    counsel) that KHN provide her with specific e-PHI access reports generated by a software
    system called “EPIC.” Relator asserts that KHN bought and implemented the EPIC software
    system sometime before her e-PHI was breached. The complaint states that when properly
    utilized, the EPIC system helps KHN to “maintain[] electronic health information,” and allows
    approved persons to access medical information while protecting such information from
    unapproved access. (R. 4 at ¶ 7.) With EPIC, health care providers can run a comprehensive
    series of reports, known as “CLARITY” reports, which help providers monitor improper access
    to e-PHI. Relator, who apparently has some personal familiarity with the EPIC software, lists
    several of these reports by name in her complaint and asserts that EPIC’s training materials
    1
    However, the complaint does not state where or on what form KHN “checked ‘Yes’” to this question.
    2
    “Although matters outside of the pleadings are not to be considered by a court in ruling on a 12(b)(6)
    motion to dismiss, documents attached to a motion to dismiss are considered part of the pleadings if they are
    referred to in the plaintiff’s complaint and are central to the plaintiff’s claim.” Seaton v. TripAdvisor LLC, 
    728 F.3d 592
    , 596 (6th Cir. 2013) (internal quotation marks and brackets omitted).
    No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                Page 6
    suggest providers run such reports on a regular basis to safeguard against unauthorized access to
    e-PHI.
    Relator states that when she asked for specific CLARITY reports by name, KHN refused
    to provide them.      Instead, KHN provided her with a series of “homegrown” reports that
    contained inconsistent information regarding the users who had impermissibly accessed
    Relator’s e-PHI. At some point, Relator discovered that her daughter and grandson’s e-PHI had
    also been inappropriately accessed, and that their medical billing information had been
    manipulated. Finally, Relator alleges that an employee who reported to Duane Sheldon routinely
    ran an “expired medication report” containing the e-PHI of Relator and numerous other patients.
    According to Relator, there was no reason for this employee to run that report, and the report sat
    on an unmonitored printer for hours.
    Based on these facts, the complaint avers that KHN’s attestation of compliance with the
    HITECH Act’s security and privacy objective was false.
    III.     Subsequent procedural history
    On June 4, 2014, while her federal complaint was still under seal pending possible
    government intervention, Relator filed a second suit against KHN in the Court of Common Pleas
    for Montgomery County, Ohio. In this suit, Relator was joined by her daughter Haley Dercola
    and grandson Tucker Dercola as plaintiffs, and together they alleged state torts arising from the
    same breach of Relator’s and co-plaintiffs’ electronic health records.          They also alleged
    violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq., and the Fair Debt
    Collection Practices Act, 15 U.S.C. § 1692, et seq., stemming from KHN’s alleged mishandling
    of bills accumulated during Haley Dercola’s hospitalization while giving birth to Tucker.
    On August 29, 2014, the United States filed a notice of election to decline intervention in
    Relator’s qui tam action in federal court. That same day, the district court ordered the complaint
    be unsealed.
    On October 21, 2014, the Montgomery County Court of Common Pleas dismissed
    Relator’s state action in its entirety for “failure to state a claim upon which relief can be
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 7
    granted.” Sheldon v. Kettering Adventist HealthCare, 2014 CV 03304, at *3 (Montgomery Cty.
    Ct. Com. Pl. 2014). The court based its dismissal on the fact that (1) “Every allegation related to
    Plaintiff’s tort claims in the ‘facts’ section of the complaint revolves around KHN’s alleged
    failure to run certain ‘Clarity reports,’ which Plaintiffs alleged were required of KHN under
    HIPAA;” and (2) “HIPAA does not allow private causes of action, according to Ohio law.” 
    Id. Plaintiffs appealed
    that decision to the Court of Appeals of Ohio.
    On November 12, 2014, KHN filed a motion to dismiss in the federal case arguing:
    (1) Relator had failed to state a claim under the heightened pleading standards applicable to FCA
    claims, and (2) the Ohio state court’s dismissal of Relator’s state case was res judicata, and
    Relator’s federal claim was therefore precluded. On December 12, 2014, Relator filed a motion
    to amend her complaint, attaching a proposed amended complaint that Relator argued “cures any
    perceived defects in insufficient particularity.” (R. 14, Pg ID # 326.)
    Relator’s proposed second amended complaint alleged that KHN’s breaches affected not
    only Realtor and her family members, but also dozens of other people whose e-PHI was
    mistakenly shared with Relator.         The proposed complaint further stated that to obtain
    meaningful-use money from the federal government, KHN certified its compliance with the
    HITECH Act on a yearly basis, and that such certification was required in 2011, 2012, and 2013.
    Finally, the proposed complaint listed four KHN employees that Relator claimed “participated”
    in KHN’s false certification of HITECH Act compliance.
    On January 6, 2015, the district court issued an order denying Relator’s motion to amend
    and granting KHN’s motion to dismiss under Rule 12(b)(6). The district court held that Relator
    failed to plead her claims with sufficient particularity because she had not alleged a specific false
    claim by KHN, and because she failed to plausibly plead that KHN did not meet the HITECH
    Act’s standards. The court further held that because Relator’s proposed amended complaint
    failed to cure these deficiencies, granting her leave to amend would be futile. Finally, as an
    alternative basis for its decision, the district court noted that the factual allegations in Relator’s
    federal case “are nearly identical to those underlying the state court action,” and therefore
    Relator’s claims were barred by the doctrine of res judicata. (R. 19, Pg ID # 387.) Relator
    timely appealed.
    No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                     Page 8
    On August 14, 2015, the Court of Appeals of Ohio rendered its decision on Relator’s
    state action. Sheldon v. Kettering Health Network, 
    40 N.E.3d 661
    (Ohio Ct. App. 2015). The
    court affirmed the dismissal of Relator’s state case and reiterated that her claims “stemmed from
    KHN’s alleged failure to protect the privacy of the plaintiffs’ electronic medical information and
    the improper accessing and disclosure of that information by KHN administrator Duane Sheldon,
    the former spouse of Vicki Sheldon.” 
    Id. at *1.
    On September 25, 2015, Relator appealed that
    decision to the Ohio Supreme Court. That appeal is currently pending.
    DISCUSSION
    I.      Standard of Review
    We review de novo a district court’s dismissal of a suit pursuant to Rule 12(b)(6).
    Riverview Health Inst. LLC v. Med. Mut. of Ohio, 
    601 F.3d 505
    , 512 (6th Cir. 2010). A district
    court’s order denying a Rule 15(a) motion to amend is typically reviewed for abuse of discretion.
    Rose v. Hartford Underwriters Ins. Co., 
    203 F.3d 417
    , 420 (6th Cir. 2000). However, where the
    district court denies leave to amend because the complaint as amended would not withstand a
    motion to dismiss under Rule 12(b)(6), that denial is reviewed de novo. Seaton v. TripAdvisor
    LLC, 
    728 F.3d 592
    , 596 (6th Cir. 2013) (discussing standard for denial of leave to amend for
    “futility”). Likewise, we review de novo a district court’s application of the doctrine of res
    judicata. Bragg v. Flint Bd. of Educ., 
    570 F.3d 775
    , 776 (6th Cir. 2009).
    II.     Analysis
    A.      Pleading standards under the False Claims Act
    The False Claims Act imposes liability on any person who “knowingly makes, uses, or
    causes to be made or used, a false record or statement material to a false or fraudulent claim.”
    31 U.S.C. § 3729(a)(1)(B); see also 
    id. at §
    3730(b) (“A person may bring a civil action for a
    violation of section 3729”). As with all claims, plaintiffs alleging violations of the FCA must
    plead sufficient facts that, when taken as true, “state a claim to relief that is plausible on its face.”
    Ashcroft v. Iqbal, 
    556 U.S. 662
    , 678 (2009) (internal quotation marks omitted). “The district
    court must construe the complaint in a light most favorable to the plaintiff, accept all of the
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 9
    factual allegations as true, and determine whether the plaintiff undoubtedly can prove no set of
    facts in support of his claims that would entitle him to relief.” Columbia Nat. Res., Inc. v.
    Tatum, 
    58 F.3d 1101
    , 1109 (6th Cir. 1995).
    In addition, “[c]omplaints alleging FCA violations must comply with Rule 9(b)’s
    requirement that fraud be pled with particularity.” Chesbrough v. VPA, P.C., 
    655 F.3d 461
    , 466
    (6th Cir. 2011). Under Rule 9(b), a party alleging fraud or mistake “must state with particularity
    the circumstances constituting fraud or mistake.” Fed. R. Civ. P. 9(b); see also U.S. ex rel.
    SNAPP, Inc. v. Ford Motor Co., 
    532 F.3d 496
    , 505 (6th Cir. 2008) (“SNAPP I”) (noting the
    “knowledge” element of FCA claims “does not need to be pled with particularity”). Specifically,
    a plaintiff must “allege the time, place, and content of the alleged misrepresentation . . . the
    fraudulent scheme; the fraudulent intent of the defendants; and the injury resulting from the
    fraud.” U.S. ex rel. Bledsoe v. Cmty. Health Sys., Inc., 
    342 F.3d 634
    , 643 (6th Cir. 2003)
    (“Bledsoe I”) (quoting Coffey v. Foamex L.P., 
    2 F.3d 157
    , 161–62 (6th Cir. 1993)).
    Importantly, Rule 9 should not be read to “reintroduce formalities to pleading.” U.S. ex
    rel. Bledsoe v. Cmty. Health Sys., Inc., 
    501 F.3d 493
    , 503 (6th Cir. 2007) (“Bledsoe II”); see also
    SNAPP 
    I, 532 F.3d at 503
    –04 (noting Rule 9’s heightened pleading standards “should not be
    read to defeat the general policy of ‘simplicity and flexibility’ in pleadings contemplated by the
    Federal Rules”). A complaint sufficiently pleads the time, place, and content of the alleged
    misrepresentation so long as it “ensure[s] that [the] defendant possesses sufficient information to
    respond to an allegation of fraud;” providing the defendant with sufficient information to
    respond is Rule 9’s “overarching purpose.” SNAPP 
    I, 532 F.3d at 504
    .
    B.      Application to Relator’s amended and proposed amended complaints
    To state a claim under the FCA, the plaintiff must sufficiently plead:
    [1] that the defendant [made] a false statement or create[d] a false record [2] with
    actual knowledge, deliberate ignorance, or reckless disregard of the truth or falsity
    of the information; [3] that the defendant . . . submitted a claim for payment to the
    federal government; . . . and [4] that the false statement or record [was] material
    to the Government’s decision to make the payment sought in the defendant’s
    claim.
    No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                          Page 10
    U.S. ex rel. SNAPP, Inc. v. Ford Motor Co., 
    618 F.3d 505
    , 509 (6th Cir. 2010) (“SNAPP II”).3
    In dismissing Relator’s suit pursuant to Rule 12(b)(6), the district court identified two
    deficiencies in the amended and proposed amended complaints—namely, failure to plead facts
    sufficient to plausibly establish the [1] false statement and [3] claim for payment elements above.
    These deficiencies are addressed in turn.
    1.       Relator failed to plausibly allege that KHN’s attestation of HITECH
    Act compliance was false
    The FCA requires relators to establish “that the defendant [made] a false statement or
    create[d] a false record.” SNAPP 
    II, 618 F.3d at 509
    . We have held that “[w]hen a claim [for
    payment] expressly states that it complies with a particular statute, regulation, or contractual
    term that is a prerequisite for payment, failure to actually comply” satisfies this element. See
    
    Chesbrough, 655 F.3d at 467
    (citing Mikes v. Straus, 
    274 F.3d 687
    , 697–99 (2d Cir. 2001)).
    This theory of liability under the FCA is referred to as “false certification.” 
    Id. As noted
    above, a relator’s pleadings of false certification must “contain[] ‘enough facts
    to state a claim to relief that is plausible on its face.’” 
    Id. (quoting Bell
    Atl. Corp. v. Twombly,
    
    550 U.S. 544
    , 570 (2007)). “Plausibility is not the same as probability, but rather ‘asks for more
    than a sheer possibility that a defendant has acted unlawfully.’” Ctr. for Bio-Ethical Reform, Inc.
    v. Napolitano, 
    648 F.3d 365
    , 369 (6th Cir. 2011) (“CBER”) (quoting 
    Iqbal, 556 U.S. at 678
    ).
    And “[a]lthough a court must construe a complaint’s allegations in favor of the plaintiff, . . . and
    must accept all factual allegations as true, . . . the court need not accept legal conclusions or
    unwarranted factual inferences.” Debevec v. Gen. Elec. Co., 
    121 F.3d 707
    , at *2 (6th Cir. 1997)
    (table) (internal citations omitted).
    3
    As we noted in Chesbrough, Congress amended the FCA in 2009 in response to the Supreme Court’s
    decision in Allison Engine Co. v. U.S. ex rel. Sanders, 
    553 U.S. 662
    (2008). 655 F.3d at 466 
    n.2 (citing the Fraud
    Enforcement and Recovery Act, Pub. L. No. 111–21 (2009)). Allison held that the old language of
    § 3729(a)(1)(B)—at that time numbered § 3729(a)(2)—contained a specific intent requirement, such that liability
    under the FCA required that the defendant made her false statement “to get” the government to pay a claim. 
    Id. (quoting the
    old language of § 3729(a)(1)(B)). In response, Congress struck the words “to get” from the section,
    thereby eliminating the specific intent requirement. 
    Id. For this
    reason, the above rule statement quoted from
    SNAPP 
    II, 618 F.3d at 509
    , omits the specific-intent element from that opinion’s summary of the elements of an
    FCA claim.
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                  Page 11
    In this case, Relator alleges that KHN falsely certified its compliance with the HITECH
    Act’s requirements, and that KHN received meaningful-use incentive payments as a result. This
    allegation is premised on two conclusions drawn from the facts outlined in her complaint: first,
    that the individual breaches alleged in the complaint either constitute violations of the Act in
    themselves or suggest KHN failed to implement security policies and procedures; and second,
    that KHN’s failure to run CLARITY reports on a regular basis constituted a breach of its duties
    under the Act. Because these conclusions are either facially implausible or based on incorrect
    conclusions of law, we affirm the district court’s dismissal of Relator’s suit pursuant to Rule
    12(b)(6).
    i.       KHN’s alleged breaches of Relator’s e-PHI
    Relator’s complaint alleges KHN’s individual breaches, by themselves, constituted
    violations of the Act. Specifically, Relator argues: (1) KHN’s letters alerting Relator to breaches
    of her e-PHI contained or constituted an admission that KHN violated the HITECH Act; and
    (2) the impermissible running of the “expired medication report” constituted, in itself, a breach
    of KHN’s duties under the HITECH Act. Relator also argues that when taken together, these
    individual breaches suggest an absence of necessary policies or procedures.
    To begin, Relator’s claim that KHN’s individual breaches each constituted a violation of
    the HITECH Act is an incorrect conclusion of law. The Act’s implementing regulations require
    providers to “[c]onduct or review a security risk analysis,” “implement security updates as
    necessary,”   and   “correct   identified   security   deficiencies.”    See,   e.g.,   42   C.F.R.
    §§ 495.6(d)(15)(ii), (f)(14)(ii). This language indicates that compliance is premised on the
    process of analyzing and reviewing security policies and procedures; attestation of compliance is
    not rendered false by virtue of individual breaches. See 
    id. Indeed, materials
    distributed by
    CMS discussing compliance with the objective state that providers need not “fully mitigate all
    risks” of e-PHI breaches before attesting to Act compliance. See CMS, Security Risk Analysis
    Tipsheet: Protecting Patients’ Health Information 5 (Revised Dec. 2013), https://www.cms.gov/
    Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRisk
    No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 12
    Assessment_FactSheet_Updated20131122.pdf.4 Instead, “[t]he EHR incentive program requires
    correcting any deficiencies [in security] (identified during the risk analysis) . . . .” 
    Id. Similarly, 45
    C.F.R. § 164.308(a)(1) requires health care providers to “[i]mplement
    policies and procedures to prevent, detect, contain, and correct security violations.” The more
    detailed regulations contained in subsection (a)(1)(ii) likewise indicate that individual breaches
    do not negate compliance: those regulations state that risks should be reduced to a “reasonable
    and appropriate level,” and that providers should “[a]pply appropriate sanctions against”
    employees who violate security policies. 
    Id. This language
    plainly contemplates occasional
    breaches of e-PHI. Thus, as KHN aptly states, “[t]he regulations . . . do not impose a strict
    liability standard that requires hospitals to prevent all privacy breaches.” (Def.’s Br. at 11.)
    For these reasons, KHN’s admissions that Relator’s e-PHI was improperly accessed
    could not, by themselves, render “false” any of KHN’s attestations of Act compliance. The same
    holds true for the impermissible running of the “expired medication report.”                          See 
    CBER, 648 F.3d at 369
    (“[T]he general rule that the court must accept as true all allegations in the
    complaint ‘is inapplicable to legal conclusions.’” (quoting 
    Twombly, 550 U.S. at 570
    )).
    Relator’s complaint also states that these individual breaches, taken together, indicate a
    lack of policies and procedures. Her proposed amended complaint adds no new facts to support
    this claim. Assuming occasional breaches of e-PHI can support a reasonable inference that
    security policies and procedures do not exist, Relator’s allegations fail to support such an
    inference. See 
    id. (“A claim
    is plausible on its face if the plaintiff pleads factual content that
    allows the court to draw the reasonable inference that the defendant is liable for the misconduct
    alleged.” (emphasis added) (internal quotation marks omitted)).
    Relator’s own allegations, which we must accept as true, indicate that KHN did have
    policies and procedures in place. Those allegations assert that “[KHN] revealed that there had
    4
    The CMS website contains numerous resources (pertaining to the incentive program) distributed by
    CMS over the years of HITECH Act implementation. See, e.g., CMS, Resources for Previous Years of the
    HER Incentive Programs (last modified Dec. 18, 2015), https://www.cms.gov/Regulations-and-
    Guidance/Legislation/EHRIncentivePrograms/RequirementsforPreviousYears.html. We reference this particular
    document because it provides some clarity as to what the security and privacy objective required of providers during
    Stage 1 of HITECH Act implementation.
    No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                           Page 13
    been a breach of Relator Vicki Sheldon’s private electronic health records” in the two letters she
    attached to her complaint. (R. 4 at ¶ 16.) Notably, these letters state that the breaches of
    Relator’s e-PHI were “inappropriate/unauthorized and in violation of [KHN] policy and
    procedure,” that KHN conducted an investigation, and that it would be notifying HHS of the
    breach. (R. 1-1, Pg ID # 10, 12.) Even assuming, however, that these statements are not true,
    that Relator even received such letters indicates that KHN has some procedure in place for
    detecting unauthorized access to e-PHI, as well as a policy of investigating such unauthorized
    access and notifying patients whose information was breached.
    For these reasons, we agree with the district court’s conclusion that Relator’s allegations
    that KHN lacked the requisite policies and procedures are not facially plausible. U.S. ex rel.
    Sheldon v. Kettering Health Network, No. 1:14-CV-345, 
    2015 WL 74950
    , at *5–6 (S.D. Ohio
    Jan. 6, 2015).5
    ii.      KHN’s alleged failure to run CLARITY reports on a regular
    basis
    In support of her claim that KHN falsely attested to HITECH Act compliance, Relator
    relies on the following chain of inference: first, KHN’s failure/refusal to provide Relator with
    CLARITY reports when asked indicated that it had not run them; second, KHN’s failure to run
    CLARITY reports indicated that it “had failed to follow the usual steps and standards in the
    industry to protect medical information” (R. 4 at ¶ 16); and third, failing to follow industry
    standards by running CLARITY reports on a regular basis constituted a breach of KHN’s duties
    under the HITECH Act. Relator’s proposed amended complaint does nothing to bolster this
    chain of inference or the facts supporting it; the amended complaint merely adds the conclusory
    allegation that “failure to use and run [CLARITY] reports and review them for violations
    5
    Relator’s complaint alleges that KHN violated the Act by “failing to implement policies and procedures
    that allow only authorized persons to access electronic protected health information,” as required under 45 C.F.R.
    § 164.312(a) and (b). (See R. 4 at ¶¶ 26, 31.) But because the security and privacy objective references only
    §§ 164.312(a)(2)(iv) and 164.306(d)(3), this allegation appears to be premised on a mistaken reading of the law.
    42 C.F.R. §§ 495.6(j)(16)(ii), (l)(15)(ii). Section 164.312(a)(2)(iv) requires KHN to “[i]mplement a mechanism to
    encrypt and decrypt electronic protected health information.” Relator’s complaint contains no allegations regarding
    data encryption, and none of the facts stated in the complaint would permit an inference that KHN failed to
    implement data encryption mechanisms. For these reasons, we do not discuss this issue further.
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network               Page 14
    indicates that a provider has failed to implement policies and procedures for protecting patient
    private health information.” (R. 14-1 at ¶ 10.)
    Even assuming the cogency of the first two links in Relator’s inferential chain, the final
    link is an incorrect conclusion of law. As we stated above, HITECH Act compliance is premised
    on the process of conducting security risk analyses and correcting any security deficiencies
    located thereby, see 42 C.F.R. §§ 495.6(d)(15)(ii), (f)(14)(ii), as well as implementing
    appropriate policies and procedures. 45 C.F.R. § 164.308(a)(1). Neither the Act nor the HIPAA
    regulations to which it refers require that providers adhere to a particular schedule for running
    reports, or to purchase and use a particular brand of EHR software. See 
    id. In sum,
    we agree
    with the district court’s conclusion that “[t]he HITECH Act requires hospitals to implement a
    system to protect e-PHI; it does not require covered entities to use a particular e-PHI product or
    vendor or to run a specific type of monitoring report.” U.S. ex rel. Sheldon v. Kettering Health
    Network, No. 1:14-CV-345, 
    2015 WL 74950
    , at *4 (S.D. Ohio Jan. 6, 2015).
    Because Relator’s claim that KHN’s attestation of HITECH Act compliance was false is
    based either on implausible inferences or incorrect conclusions of law, we conclude that Relator
    failed to adequately plead the “false statement” element of her FCA claim. See SNAPP 
    II, 618 F.3d at 509
    .
    2.     Relator failed to plead a specific claim for payment
    The FCA requires relators to establish “that the defendant . . . submitted a claim for
    payment to the federal government.” SNAPP 
    II, 618 F.3d at 509
    . In this Circuit, there is “[a]
    clear and unequivocal requirement that a relator allege specific false claims” when pleading a
    violation of the FCA. Bledsoe II, 
    501 F.3d 504
    . This requirement derives from the fact that “the
    [FCA] statute attaches liability, not to the underlying fraudulent activity or to the government’s
    wrongful payment, but to the ‘claim for payment.’” Sanderson v. HCA-The Healthcare Co.,
    
    447 F.3d 873
    , 877–78 (6th Cir. 2006) (quoting United States v. Rivera, 
    55 F.3d 703
    , 709 (1st Cir.
    1995)); see also U.S. ex rel. Clausen v. Lab. Corp. of Am., 
    290 F.3d 1301
    , 1311 (11th Cir. 2002)
    (“The submission of a claim is thus not . . . a ‘ministerial act,’ but the sine qua non of a False
    Claims Act violation.”).
    No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 15
    In SNAPP I, for example, the relator alleged that the defendant received, between
    1991 and 2001, an undetermined number of government contracts based on fraudulent
    misrepresentations made in reports filed annually with the federal 
    government. 532 F.3d at 506
    .
    The relator also alleged the approximate value of those contracts. 
    Id. Despite pleading
    these
    details with specificity, 
    id., we affirmed
    dismissal of the relator’s complaint because the relator
    had “not complied with Bledsoe II’s mandate that ‘[i]n order for a relator to proceed to discovery
    on a fraudulent scheme,’ it must plead with specificity ‘characteristic example[s]’ that are
    ‘illustrative of [the] class’ of all claims covered by the fraudulent scheme.” 
    Id. (quoting Bledsoe
    II, 501 F.3d at 510
    –11); see also 
    Sanderson, 447 F.3d at 877
    (“Rule 9(b) ‘does not permit a False
    Claims Act plaintiff merely to describe a private scheme in detail but then to allege simply . . .
    that claims requesting illegal payments must have been submitted, were likely submitted or
    should have been submitted to the Government.’”).
    This case is on all fours with SNAPP I. At its most specific, Relator’s complaint alleges
    that KHN “falsely certified to the United States Government that it had complied with the
    HITECH Act to collect ‘Meaningful Use’ monies” (R. 4 at ¶ 25) in an amount “believed to
    exceed $75,000,000.00.” (Id. at ¶ 27.) Nowhere, however, does the complaint allege a specific
    false claim for payment. Although Relator asserts KHN received government money “as a
    result” of false certification, this equates to an allegation that claims “must have been submitted”
    at some point—allegations explicitly held insufficient in 
    Sanderson, 447 F.3d at 877
    . Thus, the
    district court was correct in dismissing Relator’s complaint for, inter alia, failing to “identify
    with specificity examples that are illustrative of the class of all claims covered by the fraudulent
    scheme.” U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 
    2015 WL 74950
    ,
    at *6 (S.D. Ohio 2015).6
    The additional facts in Relator’s proposed amended complaint likewise fail to meet the
    FCA’s heightened pleading standards. The additional facts relevant here allege that KHN falsely
    attested to its compliance with the HITECH Act on an annual basis, and that certification was
    6
    Tellingly, before filing her proposed amended complaint, Relator submitted a motion admitting that “[i]n
    order for the Relator to answer the Defendant’s Motion to Dismiss on the issue of the heightened pleading standard .
    . . Relator needs to possess information as to the time, date, place, and person making a HiTech certification.”
    (R. 10, Pl.’s Mot. for Discovery, Pg ID # 299.) Relator’s amended complaint did not add such information.
    No 15-3075               U.S. ex rel. Sheldon v. Kettering Health Network                            Page 16
    “required . . . in 2011, 2012, and 2013.” (R. 14-1 at ¶ 23, Pg ID # 332.) Even with these
    additional facts, however, Relator’s pleadings are insufficient under this Court’s holding in
    SNAPP I because she fails to allege a characteristic example of a false claim for payment. The
    Act’s implementing regulations establish that attestation is provider-specific: incentive payments
    are calculated, in part, using the volume of patients that a particular hospital or professional
    treated during the reporting year.           See 42 C.F.R. §§ 495.102(a)(1) (eligible professionals),
    495.104(c)(2) (hospitals). CMS materials likewise suggest that meeting the security and privacy
    objective requires review of the “physical safeguards” and security protocols at each individual
    provider’s “facility and other places where patient data is accessed.” See CMS, Security Risk
    Analysis Tipsheet: Protecting Patients’ Health Information 4 (Revised Dec. 
    2013), supra
    .
    Relator’s proposed amended complaint states that KHN is “a network of hospitals,
    medical facilities and physicians” (R. 14-1 at ¶ 4), and that KHN “serves as the records custodian
    for many doctors and physicians” (id. at ¶ 25), but it fails to name a single hospital or
    professional in KHN’s network for whom attestation was rendered “false” by virtue of KHN’s
    allegedly deficient security protocols.           Relator’s allegations might create an inference that
    security flaws affected all providers in KHN’s network.7 But this amounts to an allegation of a
    broader fraudulent scheme. Under our holding in SNAPP I, “[i]n order for a relator to proceed to
    discovery on a fraudulent scheme, it must plead with specificity characteristic example[s] that
    are illustrative of [the] class of all claims covered by the fraudulent 
    scheme.” 532 F.3d at 506
    (internal quotation marks omitted).             Merely implying that attestations “must have been
    submitted” by certain unnamed providers in the KHN network does not satisfy Rule 9(b). See id.
    (quoting 
    Sanderson, 447 F.3d at 877
    ).8
    7
    This inference, however, is attenuated: Relator’s complaint contains no facts regarding KHN’s EHR
    infrastructure, and it does not explicitly state whether Duane Sheldon was able to access Relator’s e-PHI because of
    network-wide flaws in KHN’s security protocols or because of the flaws at the physical location of a particular
    provider. This deficiency in Relator’s complaint is exemplified by her allegation that a KHN employee
    impermissibly ran a report containing her e-PHI that “sat on an unmonitored printer for hours, allowing improper
    access by any employee that chose to review it.” (R. 4 at ¶ 19; R. 14-1 at ¶ 20.) Yet, Relator does not state where
    this printer is located.
    8
    The proposed amended complaint also states the names and titles of KHN employees allegedly involved
    in KHN’s attestations of Act compliance. In Bledsoe II, we held that “while such information is relevant to the
    inquiry of whether a relator has pled the circumstances constituting fraud with particularity, it is not mandatory.”
    No 15-3075              U.S. ex rel. Sheldon v. Kettering Health Network                      Page 17
    Relator argues on appeal that she has sufficient “first-hand knowledge” of KHN’s false
    claims to satisfy Rule 9(b)’s heightened pleading standards. (Pl.’s Reply Br. at 13–16.) This
    argument is similar to one made by the relators in 
    Chesbrough, 655 F.3d at 471
    . In that case, the
    relators cited footnote 12 in Blesdoe 
    II, 501 F.3d at 504
    , for the proposition that:
    the requirement that a relator identify an actual false claim may be relaxed when,
    even though the relator is unable to produce an actual billing or invoice, he or she
    has pled facts which support a strong inference that a claim was submitted. Such
    an inference may arise when the relator has “personal knowledge that the claims
    were submitted by Defendants . . . for payment.”
    
    Id. In holding
    that a “relaxed” standard—to the extent it even exists in this Circuit—was not
    applicable in that case, we observed that cases applying a relaxed standard involved relators with
    “personal knowledge” that was based either on working in the defendants’ billing departments,
    or on discussions with employees directly responsible for submitting claims to the government.
    
    Id. at 471–72
    (distinguishing Hill v. Morehouse Med. Assocs., Inc., 
    2003 WL 22019936
    (11th
    Cir. August 15, 2003) (unpublished); United States v. R & F Prop. of Lake Cty., Inc., 
    433 F.3d 1349
    (11th Cir. 2005); U.S. ex rel. Lane v. Murfreesboro Dermatology Clinic, PLC, 
    2010 WL 1926131
    (E.D. Tenn. May 12, 2010)); see also U.S. ex rel. Marlar v. BWXT Y-12, L.L.C.,
    
    525 F.3d 439
    , 446 (6th Cir. 2008) (declining to apply Bledsoe II’s “relaxed standard”).
    As in Chesbrough, we need not decide whether a relaxed standard exists in this Circuit
    because Relator lacks the “personal knowledge” necessary to qualify. Although Relator has
    some personal knowledge regarding the nature of the alleged fraudulent certification—
    specifically, knowledge of EPIC software and KHN’s alleged failure to use that software
    effectively—such knowledge is not relevant to specific claims analysis. Relator does not claim
    that she worked in KHN’s security or billing departments, or that she ever spoke with those
    directly responsible for HITECH Act certification. And although her relationship with a KHN
    employee likely provided her with additional insight into KHN’s policies and procedures,
    Relator never alleges that this relationship gave her the sort of “personal knowledge” found in
    cases applying a relaxed standard. See Chesbrough, 
    655 F.3d 471
    –72. Thus, Relator lacks 
    the 501 F.3d at 506
    . Even so, Relator’s proposed amended complaint does not state for which provider(s) in KHN’s
    network these employees submitted attestation.
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 18
    personal knowledge necessary to “support a strong inference—rather than simply a possibility—
    that a false claim was presented to the government.” 
    Id. at 472.
    For these reasons, Relator’s complaint and proposed amended complaint fail to satisfy
    the “clear and unequivocal requirement that a relator allege specific false claims” when pleading
    a violation of the FCA. Bledsoe II, 
    501 F.3d 504
    . This deficiency, combined with Relator’s
    failure to adequately plead a false claim, leads us to conclude that neither of Relator’s complaints
    “contain[s] sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible
    on its face.’” 
    Iqbal, 556 U.S. at 678
    (quoting 
    Twombly, 550 U.S. at 570
    ); see also In re
    Omnicare, Inc. Sec. Litig., 
    769 F.3d 455
    , 469 (6th Cir. 2014) (noting Twombly’s plausibility
    requirement applies “to each element of the cause of action”).
    C.      Res judicata
    Although we ultimately agree with the district court’s determination that Relator’s
    complaint fails to state a claim, we note that even had we felt differently, Relator’s claims would
    likely be barred under the doctrine of res judicata. Thus, like the district court below, we
    conclude that res judicata provides an alternative basis for dismissing Relator’s complaint.
    Under the doctrine of res judicata, “a final judgment on the merits bars further claims by
    parties or their privies based on the same cause of action.” Montana v. United States, 
    440 U.S. 147
    , 153 (1979) (citations omitted). When evaluating whether a state-court judgment bars
    further claims in a federal forum, “[f]ederal courts must give the same preclusive effect to a
    state-court judgment as that judgment receives in the rendering state.” Abbott v. Michigan,
    
    474 F.3d 324
    , 330 (6th Cir. 2007) (citing 28 U.S.C. § 1738). Thus, because KHN argues that the
    Ohio state court’s decision precludes Relator’s federal action, we analyze the preclusive effect of
    that decision under Ohio law.
    In Grava v. Parkman Township, 
    653 N.E.2d 226
    , 229 (Ohio 1995), the Ohio Supreme
    Court held that “[a] valid, final judgment rendered upon the merits bars all subsequent actions
    based upon any claim arising out of the transaction or occurrence that was the subject matter of
    the previous action.” The court explained:
    No 15-3075              U.S. ex rel. Sheldon v. Kettering Health Network                  Page 19
    When a valid and final judgment rendered in an action extinguishes the plaintiff’s
    claim pursuant to the rules of merger or bar . . ., the claim extinguished includes
    all rights of the plaintiff to remedies against the defendant with respect to all or
    any part of the transaction, or series of connected transactions, out of which the
    action arose.
    
    Id. (alteration in
    original) (quoting Restatement (Second) of Judgments § 24(1) (Am. Law Inst.
    1982)).
    In Hapgood v. City of Warren, 
    127 F.3d 490
    (6th Cir. 1997), we distilled Grava’s holding
    into a four-element test for establishing res judicata under Ohio law. There must be:
    (1) a prior final, valid decision on the merits by a court of competent jurisdiction;
    (2) a second action involving the same parties, or their privies, as the first; (3) a
    second action raising claims that were or could have been litigated in the first
    action; and (4) a second action arising out of the transaction or occurrence that
    was the subject matter of the previous action.
    
    Id. at 493;
    see also Ohio ex rel. Boggs v. City of Cleveland, 
    655 F.3d 516
    , 520 (6th Cir. 2011)
    (“The party asserting the defense bears the burden of proof.”). These elements are addressed in
    turn.
    1.      Final decision on the merits
    Under Ohio law, “a dismissal grounded on a complaint’s failure to state a claim upon
    which relief can be granted constitutes . . . an adjudication on the merits. As a result, res judicata
    bars refiling the claim.” State ex rel. Arcadia Acres v. Ohio Dep’t of Job & Family Servs.,
    
    914 N.E.2d 170
    , 174 (Ohio 2009) (internal quotation marks omitted) (citing Ohio Civ. R. 41(B)).
    Here, the Montgomery County Court of Common Pleas dismissed Relator’s state action in its
    entirety for “failure to state a claim upon which relief can be granted.” Sheldon v. Kettering
    Adventist HealthCare, 2014 CV 03304, at *3 (Montgomery Cty. Ct. Com. Pl. 2014).
    Relator argues that this decision was not “final” because her state case involves “new law
    that is still under review by an appellate Court, and, most probably, is on its way to the Ohio
    Supreme Court however decided.” (Pl.’s Reply Br. at 10.) We addressed a similar argument in
    Hapgood. 
    See 127 F.3d at 494
    n.3. In Hapgood, a federal district court granted the defendant
    summary judgment on the ground of res judicata while the plaintiff’s case in Ohio state court
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                  Page 20
    was on appeal. 
    Id. Nonetheless, we
    concluded that “[t]he pendency of an appeal . . . does not
    prohibit application of claim preclusion. The prior state court judgment remains ‘final’ for
    preclusion purposes, unless or until overturned by the appellate court.” 
    Id. (citing Cully
    v.
    Lutheran Med. Ctr., 
    523 N.E.2d 531
    , 532 (Ohio 1987)).
    As with Hapgood, the fact that Relator’s state claims were on appeal when the federal
    district court entered its judgment does not affect the analysis under res judicata. Thus, the “final
    decision on the merits” element is met in this case.
    2.      Second action involving the same parties
    In Ohio, application of res judicata requires the parties to the first action be identical to,
    or privies with, those in the second (precluded) action. Johnson’s Island, Inc. v. Danbury Twp.
    Bd. of Trs., 
    431 N.E.2d 672
    , 675 (Ohio 1982). Ohio courts “have applied a broad definition to
    determine whether the relationship between the parties is close enough to invoke the doctrine” of
    res judicata. Kirkhart v. Keiper, 
    805 N.E.2d 1089
    , 1092 (Ohio 2004). “Thus, a mutuality of
    interest, including an identity of desired result, may create privity.” 
    Id. (internal quotation
    marks
    omitted). In this case, both the Ohio and federal actions involve Relator as plaintiff and KHN as
    defendant. Moreover, because the Ohio court entered judgment in Relator’s state action before
    the federal district court, the federal case became the second action for res judicata purposes.
    Relator appears to argue that the parties in her federal and state cases are different
    because the state case “has two additional parties (Plaintiff Vicki Sheldon’s daughter and her
    grandson) . . . .” (See Pl.’s Br. at 12.) The relevant inquiry for this element, however, is whether
    the plaintiff and defendant in the precluded action were opposing parties in the first action; the
    presence of additional plaintiffs does not affect the analysis. See, e.g., Awad v. Chrysler Grp.
    LLC, No. 11-14082, 
    2013 WL 5816505
    , at *7 (E.D. Mich. Oct. 29 2013) (“There can be no
    question that Chrysler was a defendant in both actions. That Chrysler is the only defendant in the
    subsequent federal court action does not alter the analysis.”); Ray v. Citibank, N.A., No. 256322,
    
    2005 WL 3179677
    , at *2 (Mich. Ct. App. Nov. 29, 2005) (“It is also undisputed that plaintiff and
    defendant were opposing parties in the federal action. Under federal law, it is immaterial for res
    judicata purposes that the prior action included additional parties.”). Even if this were not the
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 21
    case, the “mutuality of interest, including an identity of desired result” between the parties in
    Relator’s federal and state actions, would be sufficient to satisfy this element.         
    Kirkhart, 805 N.E.2d at 1092
    .
    Relator also argues that because res judicata applies only to “subsequent” actions, this
    element is not met because her federal case was the first action filed. This misstates the rule: the
    relevant inquiry for res judicata is which action resulted in judgment first, not which action was
    filed first. See, e.g., Lesher v. Lavrich, 
    784 F.2d 193
    , 195 (6th Cir. 1986) (“[F]ederal courts must
    give prior state court judgments the same preclusive effect they would have in the courts of that
    state.” (emphasis added)). Thus, because the Ohio state court issued its final judgment first,
    despite being the second action filed, Relator’s federal case is the “second” or “subsequent”
    action for res judicata purposes.
    For these reasons, the second element of res judicata is met in this case.
    3.      The second action arises from claims that were or could have been
    litigated in the first action
    To apply res judicata in Ohio, it must be true that the claims in the precluded action
    “could have been litigated in the first action.” 
    Hapgood, 127 F.3d at 493
    . As the “could have”
    phrasing implies, this element concerns only the legal possibility of bringing the disputed claims
    in the previous action. See 
    Hapgood, 127 F.3d at 494
    ; see also 
    Boggs, 655 F.3d at 522
    –23
    (holding res judicata not applicable where disputed claims were not ripe when previous action
    commenced); Demsey v. Demsey, 488 F. App’x 1, 5–6 (6th Cir. 2012) (emphasizing that the
    disputed claims “could have been” raised in the previous action); Doe ex rel. Doe v. Jackson
    Local Sch. Dist., 422 F. App’x 497, 501 (6th Cir. 2011) (holding plaintiff could have litigated
    disputed claim in previous action where state’s rules of civil procedure allowed such claims).
    In this case, because the Ohio state court action was the first to reach a final adjudication
    on the merits, the question is whether Relator could have raised her FCA claim in that action.
    Below, the district court assumed that state courts have concurrent jurisdiction over FCA claims.
    See generally U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 
    2015 WL 74950
    , at *6–7 (S.D. Ohio Jan. 6, 2015). Plaintiff did not challenge this assumption in the
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                 Page 22
    district court and concedes the point on appeal.        (See Pl.’s Reply Br. at 11 (“concurrent
    jurisdiction is present”).) In a recent case involving similar circumstances, we assumed without
    deciding that state courts do possess concurrent jurisdiction over FCA claims. See United States
    v. Chrysler Grp., LLC, 571 F. App’x 366, 369 (6th Cir. 2014). We do the same, and therefore
    conclude that Relator “could have” brought her FCA claim in her state court action.
    Relator argues that bringing her FCA and state tort claims in the same action would have
    been tactically inconvenient because “the entire case would presumably have been under seal
    and languished for months, without discovery . . . .” (Pl.’s Reply Br. at 7.) We addressed a
    similar argument in Wilkins v. Jakeway, 
    183 F.3d 528
    (6th Cir. 1999). In Wilkins, plaintiff’s
    counsel argued that splitting FCA claims and other claims “allow[ed] counsel to immediately
    commence discovery on those claims which were not sealed.”            
    Id. at 535.
        Although we
    ultimately held res judicata was inapplicable, we also stated:
    Although we do not question the veracity of counsel’s intent, the fact remains
    that, by bringing two different suits which present two different theories of the
    case arising from the same factual situation, counsel has engaged in the precise
    behavior the doctrine res judicata seeks to discourage. See generally Restatement
    (Second) of Judgments § 24, 25 cmt. a, d (explaining that res judicata
    extinguishes all claims arising out of the same transaction of [sic] series of
    transactions. As such, a plaintiff is pressured to present all material relevant to
    the claim in one action, including any and all theories of the case even where
    those theories are based on different substantive grounds.). This type of duplicity
    should be avoided at all costs.
    
    Id. We agree
    with Wilkins’ reasoning. Notwithstanding any inconvenience to Relator, the
    doctrine of res judicata commands attention to the burdens placed on defendants, courts, and the
    integrity of judgments by allowing similar claims with identical facts to be re-litigated in a
    second forum. See Restatement (Second) of Judgments § 24 cmt. d (Am. Law Inst. 1982)
    (“When a defendant is accused of successive but nearly simultaneous acts, or acts which though
    occurring over a period of time were substantially of the same sort and similarly motivated,
    fairness to the defendant as well as the public convenience may require that they be dealt with in
    the same action.”); 
    Wilkins, 183 F.3d at 532
    n.4 (summarily rejecting plaintiff’s argument that
    No 15-3075            U.S. ex rel. Sheldon v. Kettering Health Network                   Page 23
    “although both cases could have been litigated in the same action, it is questionable whether they
    should have been litigated in the same case”).
    For these reasons, the third element of res judicata is met in this case.
    4.      Same transaction or occurrence as the previous action
    Ohio’s res judicata doctrine precludes a second action based on the same “transaction, or
    series of connected transactions, out of which the [first] action arose.” 
    Grava, 653 N.E.2d at 229
    .   Quoting the Restatement (Second) of Judgments, Grava held that the second action
    involves the same “transaction” if it concerns the same “common nucleus of operative facts.” 
    Id. (quoting Restatement
    (Second) of Judgments § 24 cmt. b (Am. Law Inst. 1982)). Although not
    quoted in Grava, the full text of the paragraph in the Restatement using the “common nucleus of
    operative facts” language states:
    [i]n general, the expression [“transaction, or series of connected transactions”]
    connotes a natural grouping or common nucleus of operative facts. Among the
    factors relevant to a determination whether the facts are so woven together as to
    constitute a single claim are their relatedness in time, space, origin, or motivation,
    and whether, taken together, they form a convenient unit for trial purposes.
    Though no single factor is determinative, the relevance of trial convenience
    makes it appropriate to ask how far the witnesses or proofs in the second action
    would tend to overlap the witnesses or proofs relevant to the first.
    Restatement (Second) of Judgments § 24 cmt. b (Am. Law Inst. 1982).
    Importantly, Grava held that this element does not require the claims in both actions to be
    identical:
    [res judicata] “applies to extinguish a claim by the plaintiff against the defendant
    even though the plaintiff is prepared in the second action (1) To present evidence
    or grounds or theories of the case not presented in the first action, or (2) To seek
    remedies or forms of relief not demanded in the first 
    action.” 653 N.E.2d at 229
    (quoting Restatement (Second) of Judgments § 25 (Am. Law Inst. 1982));
    see also 
    id. at 382
    (“That a number of different legal theories casting liability on an actor may
    apply to a given episode does not create multiple transactions and hence multiple claims. This
    remains true although the several legal theories . . . would emphasize different elements of the
    facts.” (quoting Restatement (Second) of Judgments § 24 cmt. c)). In sum, satisfaction of this
    No 15-3075             U.S. ex rel. Sheldon v. Kettering Health Network                 Page 24
    element under Ohio law does not require that both cases involve identical causes of action, proof
    of identical elements, or even the presentation of exactly the same evidence. See 
    id. at 382
    –83.
    Yet, in this case, Relator’s state and federal cases are nearly identical: the vast majority
    of the allegations in Relator’s state complaint involve either KHN’s failure to adequately utilize
    EPIC’s CLARITY reports, or KHN’s alleged violation of HIPAA based on Duane Sheldon’s
    improper access to Relator’s e-PHI.         These allegations are mirrored in Relator’s federal
    complaint. In other words, the allegations underlying Relator’s state and federal claims are
    related “in time, space, origin, [and] motivation.” Restatement (Second) of Judgments § 24 cmt.
    b (Am. Law Inst. 1982). Moreover, because both the state and federal claims are based on
    KHN’s alleged failure to satisfy HIPAA standards, those claims would “form a convenient unit
    for trial purposes,” as “the witnesses or proofs in the [federal] action would tend to overlap the
    witnesses or proofs relevant to the [state action].” 
    Id. For these
    reasons, we conclude that Relator’s state and federal cases share a “common
    nucleus of operative facts,” 
    Grava, 653 N.E.2d at 229
    , and that all four elements of res judicata
    are therefore met in this case. Thus, res judicata provides an additional basis for our conclusion
    that the district court did not err by dismissing Relator’s complaint and denying her leave to
    amend.
    CONCLUSION
    For the foregoing reasons, we AFFIRM the district court’s order granting Defendant’s
    motion to dismiss and denying Relator’s motion to amend.
    

Document Info

Docket Number: 15-3075

Citation Numbers: 816 F.3d 399, 2016 FED App. 0059P, 2016 U.S. App. LEXIS 4236, 2016 WL 861399

Judges: Clay, Keith, White

Filed Date: 3/7/2016

Precedential Status: Precedential

Modified Date: 11/5/2024

Authorities (24)

United States v. R&F Properties of Lake County, Inc. , 433 F.3d 1349 ( 2005 )

Center for Bio-Ethical Reform, Inc. v. Napolitano , 648 F.3d 365 ( 2011 )

John H. Hapgood v. City of Warren , 127 F.3d 490 ( 1997 )

patricia-s-mikes-us-govt-ex-rel-patricia-s-mikes , 274 F.3d 687 ( 2001 )

alice-lesher-and-charles-lesher-v-the-hon-frank-g-lavrich-wellington , 784 F.2d 193 ( 1986 )

Bragg v. Flint Board of Education , 570 F.3d 775 ( 2009 )

Allen W. Rose v. Hartford Underwriters Insurance Company , 203 F.3d 417 ( 2000 )

Terry J. Wilkins v. Donald E. Jakeway , 183 F.3d 528 ( 1999 )

Clayton Coffey v. Foamex L.P., and Recticel Foam Corporation , 2 F.3d 157 ( 1993 )

United States v. Alemany Rivera , 139 A.L.R. Fed. 813 ( 1995 )

columbia-natural-resources-inc-stocker-sitler-oil-company-v-zachary , 58 F.3d 1101 ( 1995 )

united-states-of-america-ex-rel-sean-bledsoe , 342 F.3d 634 ( 2003 )

Bell Atlantic Corp. v. Twombly , 127 S. Ct. 1955 ( 2007 )

Ashcroft v. Iqbal , 129 S. Ct. 1937 ( 2009 )

United States Ex Rel. Snapp, Inc. v. Ford Motor Co. , 618 F.3d 505 ( 2010 )

Riverview Health Institute LLC v. Medical Mutual of Ohio , 601 F.3d 505 ( 2010 )

US Ex Rel. Marlar v. Bwxt Y-12, LLC , 525 F.3d 439 ( 2008 )

United States v. Community Health Systems, Inc. , 501 F.3d 493 ( 2007 )

Montana v. United States , 99 S. Ct. 970 ( 1979 )

Allison Engine Co. v. United States Ex Rel. Sanders , 128 S. Ct. 2123 ( 2008 )

View All Authorities »